[57] ABSTRACT

A system activating and analyzing the biometric data from a plurality of biometrically-oriented personal identification devices at intermittent intervals selectively allows or prevents continued use of a particular protected system or device by a particular individual. The system is a continuous biometric authentication matrix which can employ any number of any variety of biometric personal identification devices including thumbscan, digital photo, voiceprints, fingerprints, and so on. The system acts as a continuously functioning "gate" between a system to be protected and a prospective user. A prospective user's biometric data is stored for reference. When the prospective user attempts to use the protected system or device, he or she must interface with the system, which then compares the prospective user's biometric data to the reference data. This comparison must not only be acceptably close in similarity in order to gain access to the protected system, it must also continue to be close in subsequent comparisons in order for access to the protected system or device to continue. The accept/reject threshold for individual biometric sensor devices is adjustable, as is the accept/reject threshold for the overall combination of biometric sensors.

24 Claims, 9 Drawing Sheets 
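
As an added illustration of the gate the abstract describes (not code from the patent): a Python sketch in which each device has its own accept/reject threshold, the accuracy-weighted share of passing devices is compared with an overall threshold, and access ends once the failure count exceeds a limit. The device names, weights, thresholds, similarity scores and the 5 to 30 second test interval are constructed assumptions, and weighting pass/fail votes is only one possible reading of the "overall combination" threshold.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Sensor:
    name: str
    weight: int        # relative accuracy of the device (assumed value)
    threshold: float   # per-device accept/reject threshold on similarity, 0..1


class ContinuousGate:
    """Keeps re-testing the user for as long as the protected system is in use."""

    def __init__(self, sensors, overall_threshold, max_failures, seed=None):
        self.sensors = list(sensors)
        self.overall_threshold = overall_threshold  # threshold for the combination
        self.max_failures = max_failures            # failures tolerated during use
        self.failures = 0
        # A deployment would draw from secrets.SystemRandom; a seeded generator
        # keeps this example repeatable.
        self._rng = random.Random(seed)

    def next_delay(self, low=5.0, high=30.0):
        """Seconds until the next test, drawn at random so it cannot be anticipated."""
        return self._rng.uniform(low, high)

    def evaluate(self, scores):
        """One comparison cycle: scores maps sensor name -> similarity to reference."""
        total = sum(s.weight for s in self.sensors)
        passing = sum(s.weight for s in self.sensors
                      if scores[s.name] >= s.threshold)
        combined = passing / total   # accuracy-weighted share of devices that passed
        return combined >= self.overall_threshold, combined


def run_session(gate, cycles):
    """Feed score cycles through the gate; return a log of (time, state, combined)."""
    log, clock = [], 0.0
    for i, scores in enumerate(cycles):
        ok, combined = gate.evaluate(scores)
        if i == 0 and not ok:
            # The initial comparison is the conventional one-time gate.
            log.append((clock, "DENIED", combined))
            break
        if not ok:
            gate.failures += 1
        if gate.failures > gate.max_failures:
            state = "TERMINATED"
        else:
            state = "PASS" if ok else "FAIL"
        log.append((round(clock, 1), state, round(combined, 2)))
        if state == "TERMINATED":
            break
        clock += gate.next_delay()
    return log


# Constructed devices: weights and thresholds are illustrative assumptions.
SENSORS = [
    Sensor("thumbscan", weight=5, threshold=0.90),
    Sensor("voiceprint", weight=3, threshold=0.80),
    Sensor("typing_pattern", weight=2, threshold=0.70),
]

# Constructed similarity scores. The enrolled user is present for cycles 0-1;
# from cycle 2 another person takes over while a recording of the enrolled
# user's voice keeps the voiceprint passing for two more cycles.
SESSION = [
    {"thumbscan": 0.97, "voiceprint": 0.91, "typing_pattern": 0.80},
    {"thumbscan": 0.95, "voiceprint": 0.72, "typing_pattern": 0.78},
    {"thumbscan": 0.41, "voiceprint": 0.85, "typing_pattern": 0.35},
    {"thumbscan": 0.38, "voiceprint": 0.83, "typing_pattern": 0.40},
    {"thumbscan": 0.40, "voiceprint": 0.30, "typing_pattern": 0.33},
]

if __name__ == "__main__":
    gate = ContinuousGate(SENSORS, overall_threshold=0.6, max_failures=2, seed=7)
    for entry in run_session(gate, SESSION):
        print(entry)
```

A single noisy voice sample in cycle 1 does not end the session, because the combined threshold is still met; the substituted user is cut off at the third failed cycle even though the replayed voice alone would have passed a one-time voiceprint check.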
CONTINUOUS BIOMETRIC AUTHENTICATION MATRIX

BACKGROUND OF THE INVENTION

The present invention pertains to personal identification systems, and more particularly a number of systems for the generation of unforgeable identification data and subsequent comparison of continuously or intermittently generated identification data in order to protect access to certain systems and devices.

Security is becoming increasingly important as society relies more and more heavily upon information—its storage, communication, creation, transfer, and withdrawal. As the volume of information increases, so too does the number of storage sites, communication devices, and transfer and withdrawal sites.

As the volume of information and the value of information increases, so too does the motivation for theft. Theft of information is at present estimated to be a multibillion dollar industry.

Governments, corporations, and other entities recog[illegible] protect their classified and sensitive information from unauthorized access, but no prior device exists to intermittently or continuously determine the authenticity and authorization of a person who is remotely accessing a database to read it or update it, or who is entering a transaction into an information processing system.

Additionally, it is rapidly becoming more desirable to restrict access to certain systems and pieces of equipment which have nothing to do with information security. For instance, the computer-based gaming (i.e., gambling) industry is being restricted in growth because access systems are not yet able to ensure non-use by minors. Fraudulent use of cellular phones by unauthorized users accounts for yearly losses estimated to exceed one hundred million dollars. Other systems in which access restriction is a problem unsolved in the art include military weapons systems, nuclear power plant controls, aircraft, locomotives, ships, and spacecraft, among many others.

There are many methods and systems whose sole purpose is the protection of certain equipment or systems from unauthorized user access. These protection systems include but are not limited to magnetic strip cards, Personal Identification Numbers (PINs), so-called "smart cards," passwords, keys, magnetic keys, and so on. All of these systems rely upon a piece of information or a physical artifact, in the possession of a rightful user, for access to be gained. The problems with this approach are evident, and examples of such problems are as follows. The information or artifact may be extracted from a rightful user under duress, the access-required information may be stolen through surveillance, or the physical artifact may be stolen and possibly even duplicated. Any of these possibilities would allow a fraudulent user to pose as a rightful user.

Other access protection systems employ certain physical traits, measurements, and other characteristics specific to a particular user. These physical characteristics are generally referred to as Biometric Data. These data include, but are certainly not limited to, palm, thumb, or fingerprints, voiceprint, digital photo, dynamic signature, sonic pulse signature, hand geometry, biochemical analysis, retinal scan, keyboard typing pattern, body measurements (e.g., height, weight, density, wrist width, etc.), signature analysis, and so on. As technology advances, the variety and accuracy of such data should increase.

Typically, biometric authentication systems store a prospective user's traits or characteristics for future reference. When the user initially seeks access to the protected system, his biometric data are again taken, then compared to the reference data previously stored. If the two sets of data are acceptably close in nature, user access is granted. If the two sets differ by more than a preset acceptability tolerance level, user access is denied at the very outset.

Some of these biometric authentication systems store the user's reference data on a smart card to be carried by the user. This presents problems regarding loss, theft, or tampering, although some versions encrypt the reference data to hinder tampering. Still others store the reference data in a reference "library," often off site. These libraries of data can be, and often are, encrypted for additional protection.

A number of biometric authentication systems, regarded as relatively more [illegible] effective, employ a variety of biometric authentication devices (which may be abbreviated as BAD's). For instance, [illegible] if authentic, is admitted. Additional biometric devices may be employed, but this renders the system more [illegible] to use and raises the problem of "user-unfriendliness."

The problems of biometric authentication systems, as they exist now, are basically of two categories. First, they are decreasing rapidly in security effectiveness due to improvements in technology and increased ingenuity of adversaries. Second, they are user unfriendly and often intimidating to rightful users since such systems exist as an artificial barrier to a user attempting to use a protected system or device.

Present biometric authentication systems, no matter how sophisticated, basically act as a "gate" to a protected system. Once a prospective user gains entry to a protected system or access to a protected device, the user stays in, unchecked. The user is then free and clear. Technology can, in such systems, be made to work for non-rightful users, and such non-rightful users are often clever. A short term biometric "charade" (false credentials) can be manufactured. The charade need only be short term since only the initial check need be fooled. For instance, digital recording and playback devices may fool a one-time voiceprint analysis. Such a "charade" is difficult enough to sustain for a once only check—to be required to sustain it indefinitely could increase the difficulty to near impossibility. Therefore, if biometric checks are increased in duration and/or number, security would be enhanced.

Also, user substitution presents a similar problem. An authorized user, upon gaining entry to a protected system, could then turn the system over to an unauthorized user. Continuous or intermittent periodic biometric checks would eliminate this problem. Continued use of a protected system or device would be directly dependent upon continued "passing" of such intermittent biometric tests, especially if performed at random intervals.

As to the user-friendliness aspect of such continuous testing, since continuous checks must be made of the
user, it would be preferable to make the biometric sensors less distracting by incorporating them into the system or device to be protected. This could, for example, include integrating the present invention into the user interface, thereby making the user subject to passing the biometric threshold each and every time the user interacts with the system.

SUMMARY OF THE INVENTION

The above and other objects are accomplished according to the invention in that a biometrically-based authentication system is provided which intermittently authenticates a user during use of a system, so as to improve system security.

The system is referred to hereafter as a continuous biometric authentication matrix, and can include any combination of hardware, software, and/or firmware which provides intermittent or continuous biometric checks of a user for the purpose of security protection of any system or device. The apparatus according to the present invention is incorporated into the functions of a protected system or device such that continued use of the protected system or device is directly dependent upon continued passing of the biometric tests according to a preselected threshold of acceptability. Further, the biometric sensors of a particular embodiment of the invention may be incorporated into the functional controls of a system or device to be protected.

The relevant biometric data, traits, and characteris[illegible] or system, the user again inputs his or her relevant biometric data. This data is compared to the reference data, and access is granted or denied. During use of the protected system or device, if access is granted, the user is continuously, at intermittent or random intervals, and/or at each attempt to command or interact with the system, retested and the new input biometric data compared to the reference data. If at any point during usage of the protected system or device the user should fail one test or a plurality of tests, the user's access would be terminated. The termination of access protocol may be varied according to application.

Additionally, acceptance/rejection thresholds of individual biometric tests may be adjusted according to the application. A hierarchy of individual biometric test weights may be incorporated, e.g., the tests may be weighted according to individual test accuracy. The present invention may use only one biometric device or a variety of biometric devices depending upon the application.

The above and other objects, features, and advantages of the present invention will be better understood from the following detailed description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic, block diagram of an embodiment of the present invention receiving one or two biometric inputs.

FIG. 2 is a schematic, block diagram of a computer-based embodiment of the present invention employing a plurality of biometric authentication devices.

FIG. 3 is a schematic, block diagram of another computer-based embodiment of the present invention employing a plurality of various biometric authentication devices, showing a configuration in which the security programming and the protected system programming are physically separate.

FIG. 4 is a schematic, block diagram of a portable, mini-computer-based embodiment of the present invention, employing a plurality of various biometric authentication devices.

FIG. 5 is a flowchart diagram of steps used in a basic embodiment of the present invention such as that shown in FIG. 1.

FIGS. 6A and 6B together form a flowchart diagram of the basic logical steps for a more sophisticated embodiment of the present invention.

FIG. 7 is a schematic drawing of a joystick as modified to incorporate a thumbscan sensor.

FIG. 8A is a schematic drawing of a computer mouse modified to incorporate a hand geometry scanning sensor, and FIG. 8B is a schematic drawing of a computer mouse modified to incorporate a thumbscan sensor.

FIG. 9 is a schematic drawing of a hand-control lever modified to incorporate at least one biometric authentication device.

FIG. 10 is a schematic drawing of a video-type gaming terminal protected by a system according to the present invention.

FIG. 11 is a schematic drawing of a typical computer workstation protected by a system according to the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

In the following discussion, "continuous" authorization refers to sampling/comparison cycles, with the [illegible] minimum duration of the cycle for a biometric authentication device [illegible] if a thumbscan takes 6 seconds to complete one cycle, the maximum number of cycles per minute is ten.

Ultimately, true continuous authentication, requiring thousands of comparison cycles per second, may be achievable. Available technology at reasonable prices must progress for such true continuous testing to become widespread. With such technology, actual motion recognition, wherein a person's characteristic walk, for example, is immediately recognizable, or extremely accurate continuous facial recognition, should be obtainable.

Until then however, the continuous analysis at unpredictable intervals of the combined data from a plurality of biometric authentication devices overcomes the disadvantages inherent in the prior art devices and accordingly provides improved security. While only one biometric authentication device is necessary and is effective, security will increase with the number of disparate biometric authentication devices employed.

For all of the below-described configurations of the apparatus according to the present invention, the basic steps are as follows:

1. The recording of a particular user's relevant biometric characteristics and data.

2. The storage of such data for future reference.

3. The taking of new biometric data, corresponding to that taken at step (1) above, from a prospective user as he or she attempts to use a protected system or device.

4. The comparison of new biometric data to the user's reference biometric data.

5. The acceptance or rejection of the user based upon the results of comparison.
6. The continuous (intermittent and/or unpredictable) repetition of steps 3, 4, and 5, so long as the protected system or device is in use.

7. The rejection of the user and shutdown of the system if at any time during use the user fails more than a prescribed number of comparison tests.

FIG. 1 depicts a schematic block diagram of a basic configuration of a system 100 which is an embodiment of a continuous biometric authentication matrix according to the present invention. This particular system is suitable for use with one, and perhaps two, biometric authentication devices (not shown in FIG. 1). For instance, if used with a voiceprint analyzer, the system 100 would be useful for the protection of cellular telephones from unauthorized use.

The system 100 includes a function specific microprocessor or microcomputer 114. The audio input for the voiceprint is taken through a mouthpiece transducer of the phone and the voiceprint biometric data is indicated by signal C. Using a selection switch (not shown) supplying a signal A to a function selection circuit 110, the system 100 can be made to take voice data for reference storage in a high capacity digital storage portion 112. This storage 112 can for example be a RAM, neural data storage chips, etc. The switch for the function select circuit 110 preferably is security governed, i.e., wherein the user punches a security code into the telephone. In this way only the user may gain access to operate the system initially or program the unit. The telephone and communication apparatus is considered conventional and is therefore not shown. While the telephone is in use, the user's voice is periodically compared to the reference data by a process/compare logic circuit 116. The comparison may be initiated by a random initiator or timer circuit 120. Alternatively, if the voice biometric authentication device is word specific, the comparison may be initiated by the recognition of certain words. An operating program 118 is provided for the system, and access to the program is indicated by signal D in FIG. 1. Since the continued function of the telephone is dependent upon the decisions made by the system 100 according to the present invention, via access control, little if any fraudulent use would be possible. Also, by use of program access with code, a user could bypass the system protocol to allow a passenger to use the telephone. This bypass could have a one-call limit, for example, for safety.

As shown in FIG. 1, the entire embodiment may be embodied as an integrated circuit with the functional elements interacting as indicated, or the elements may be physically separated, discrete devices to suit the intended application. Signals between elements may be conducted electrically or by fiber optics, as required.

A rightful user selects the proper function, "PROGRAM" or "USE" with the controls by signal (A). Other functions can also be incorporated depending upon application. Should the user select "PROGRAM," he or she would then program the invention by signal (D) to accept his or her voice (for example) for reference. The voice data, digitized, would be input by the signal (C), processed as needed by the microprocessor 114, and then sent along a signal line (G) for storage in the high capacity digital storage 112. At a later time, if the user attempts to use the protected device, in this case the cellular telephone, the user would simply select "USE" and then speak into the telephone for an initial biometric voice analysis. Since the voice analysis input is incorporated into the telephone's mouthpiece, the user need not do anything other than attempt to use the telephone. The user's voice is input as the signal (C). The microprocessor 114 then gathers the stored reference data from the storage 112, and sends both the reference data and the new data as indicated by signal line (H) to the comparison element. The results of the comparison are sent back through signal line (H) to the microprocessor 114. The microprocessor 114, based on the programmed protocol sent through signal line (F), determines whether to allow continued function of the device, i.e. the cellular telephone. The microprocessor 114 selectively terminates use of the telephone function or continues to permit use of the telephone function through the signal (B), which may be a simple interruption point for a voice signal or may be a telephone power cutoff. If the telephone function is allowed to continue, and the function select remains at "USE," the random initiator or timer circuit 120 then periodically and intermittently (or unpredictably) prompts the microprocessor 114, through a signal sent along the signal line (I), to again gather voice data input and compare it to the reference data. This cycle continues so long as the function is set to "USE" and the telephone is off-hook. If at any time during use the number of comparison failures exceeds the predetermined number on the programmed protocol, the system 100 will terminate the function of the telephone or other device, and await the next user.

This basic configuration could also be used with other biometric authentication devices—digital photo for instance—to protect other types of devices. Such devices might include PC's, control panels, and interactive units, among other devices.

FIG. 2 depicts a more complex embodiment of the present invention, showing a system 200 employing a plurality of biometric authentication devices 240-250. In this system, a user submits his biometric data, and possibly other data (e.g., through a digitizing scanner) through the various biometric authentication devices 240-250. These biometric authentication devices 240-250 are interfaced with a CPU 214 by interface devices 260-270, respectively. The data is processed—and may be also encrypted, if desired by encrypting and decrypting devices 220 and 222—and stored in a storage device 224 which may be a secure CD-ROM library or other digital storage site. The storage site may be either internal or remote, and may even constitute another CPU.

When a user wishes to use a protected system or device, he or she again must pass biometric authentication tests implemented via the biometric authentication devices 240-250. The new data obtained by the biometric authentication devices 240-250 is processed and compared to the user's reference data by the analysis and comparison processor 216. If the user has no reference data on file, the system 200 according to the present invention will not allow access to the protected system or device. If the pertinent reference data is on file, and the result of the comparison is favorable according to the parameters and protocols of the programming contained in the programming unit 226, the access is permitted. During use, the programming of the system 200 prompts the biometric authentication devices 240-250 to test the user periodically. These tests occur as long as the protected system or device is in use. Depending upon the application, the CPU 214 may or may not control each of the biometric authentication devices 240-250 independently, therefore the biometric
authentication devices 240-250 may or may not be synchronized with one another temporally. For example, one biometric authentication device test might be executed only three times in a given minute, while another might be executed ten times per minute.

The embodiment depicted in FIG. 2 is a system 200 which is a computer-based embodiment of the present invention. As indicated in FIG. 2, all elements within the dashed line are parts of a trusted, secure computer system 201. Those elements outside the dashed line are outboard elements (i.e., not part of the computer system itself); of course, it is possible to configure the system in other ways for the intended use. Those elements that straddle or ride the dashed line may be inboard or outboard depending upon the particular circumstances, for the sake of desired use and convenience. Connections may be electrical, fiber optic, or other depending upon the intended application.

The programming used in the present invention may establish a hierarchy of test importance. For instance, test results of the more highly accurate tests can be weighed more heavily than that of less accurate tests, with regard to acceptance/rejection decision making. The CPU 214, upon receiving indications of failed comparisons for a relatively inaccurate test may cause prompting of a more highly accurate test, before ultimately deciding whether to reject and subsequently shut down.

The programming according to the present invention may be accessed and altered through an appropriately secure terminal off site (not shown). The entire system complex may be monitored or audited from off site. The programming may, therefore, be customized according to the intended use.

The protected system programming co-exists and is dependent upon the programming according to the present invention. These programs may exist as two separate entities, or the instructions according to the present invention may be written into the protected system's programming.

A credential reader/writer 210, a trait data processor 212, an analysis and comparison processor 216, continuous biometric authentication matrix programming 214, and the protected system programming 226 are all elements of the system 200. Therefore, the connections between these elements, labeled as communication lines XK, XL, XM, and XN, are all internal, and are therefore part of the computer system 201. Also, if encryption/decryption is used, and is within the computer system, connections XO and XP would also be internal to the computer system 201. Depending on the type of computer used and the types of interfaces used, connections XG1-XG6 connecting the interface devices 260-270, respectively, to the computer may for example be either internal or hard-wired. Connections between the biometric authentication devices 240-250 and their respective interface devices 260-270 are made by communication lines XA, XB, XC, XD, XE, and XF. The communication lines XA, XB, XC, XD, XE, and XF are preferably hard-wired connections, but this can vary depending on the technology involved. Connections between the computer system 201 and the reference data library 224 are preferably by use of hard-wired connections XR and XS, and these connections XR and XS can be electrical, fiber optic, or RF, for example. Connection between the credential reader/writer port 232 and the credential reader/writer 210 is via communication line XH and would be hard-wired as well. A display and/or audit device 234 is connected via connection XI to the CPU 214. A program access connection XJ is provided between a program access keyboard device 236 and the CPU 214, for enabling access to the system programming. Connections between the system according to the present invention and the system(s) it protects are via communications lines XT and XQ, and these would be hard connections.

This particular configuration may be used to protect one or more systems or devices, or to protect access to a network.

FIG. 3 depicts an embodiment of the present invention similar to that in FIG. 2, but more suitable for use with larger protected systems or networks. The procedures and functions are substantially the same. This system is more remote from the protected system or device, allowing for access to and control of a system physically separate from the user.

This configuration depicts a CPU 310 for controlling the various functions according to the present invention for controlling a CPU of a protected system 340 which is dedicated to the protected system 340. In this configuration, a display/audit device 316, a CD-ROM/digital storage device 332, and a program access device 318 may each communicate with separate sites. These sites may be other CPU's or computer systems. Alternatively, any combination of the aforementioned three devices 316, 318, and 332 may communicate with one site or computer, for monitoring and control of the entire system 300 according to the present invention and the protected system 340.

As depicted in FIG. 3, the dashed line indicates a computer or computer system 301. A credential reader/writer 312, a trait data processor 326, a continuous biometric authentication matrix programming and processor CPU 310, an analysis/comparison processor 322, and a protected system programming/processor 320 are provided in the system 301. The communication lines YK, YL, YQ, and YR respectively connect to the CPU 310 the credential reader/writer 312, the trait data processor 326, the analysis/comparison processor 322, and the protected system programming/processing 320. The communication lines YK, YL, YQ, and YR are all internal connections within the computer system 301. Connections between the credential reader/writer 312 and the credential issue/input port 314 are made via the communication line YH (which is a hard-wired connection). The display/audit device 316 is connected to the CPU 310 by a communication line YI, which is also a hard-wired connection. The communication lines YH and YI can be electrical, fiber optic, or RF, for example. A communication line YJ connects the CPU 310 and the program access device 318, and this line may be hard-wired or may be internal, depending on the configuration and its intended use. Communication lines YA, YB, YC, YD, YE, and YF respectively connect biometric authentication devices 350-360 with respective interfaces 362-372. The communication lines YA, YB, YC, YD, YE, and YF are hard-wired connections. Communication lines YG1-YG6 between the trait data processor 326 and the interfaces 362-372 may be hard or internal, depending upon the configuration and its application. An encrypt/decrypt device 328, 330 (if required), would preferably be part of the computer system 301 (for increased security) and its connections YM and YP to the CPU 30 would be internal. Connections YN and YO between the encrypt/decrypt device 328, 330 to a reference data library 332 would be by
hard-wired connections. Any connections YS between the system 301 and the protected device 340 would be by hard-wired connections.

This particular configuration would be ideal for protecting such systems as computer-based gambling, missile launch and control, computer networks, and other large, complex systems where access is spread out but scrupulous security and user authenticity is nevertheless required.

FIG. 4 depicts an outboard embodiment of a system 400 according to the present invention, which is portable in nature and complementary to typical computer systems. The dotted line in this figure indicates those elements contained as part of a portable unit 401, while those elements straddling the dashed line may be inboard or outboard depending upon the particular circumstances, for the sake of desired use and convenience. Connections may be electrical, fiber optic, or other depending upon the intended application. The system 400 is an expansion of the configuration in FIG. 1, allowing for a plurality of biometric authentication devices 430-438 and the storage and feeding of their data. The user feeds his/her biometric data through the biometric authentication devices 430-438. The data is stored for reference in respective digital storage devices 418-426. When use of the protected system is desired, the user must again go through the biometric authentication devices 430-438. During use, the microprocessor or mini-CPU 410 periodically prompts each of the biometric authentication devices 430-438 to test the user. The data is stored in the respective one of the digital storage devices 418-426 until required by the microprocessor or mini-CPU 410, which then compares the newly stored data with the corresponding reference data. The reference data is stored in a reference data digital storage device 412. Based upon the results of the comparison, the microprocessor/mini-CPU 410 would either continue or terminate the user's access via communication line TB to the protected computer system (not shown in FIG. 4). A program access device 416 for this configuration could consist of a small keypad and LCD display, with a code being used for enabling pro-

[...] TE5, TL1-TL5) could be electrical or fiber optic connections, for example.

Security protection could be enhanced by instructing the protected system to shut down should it be disconnected from the system 400 according to the present invention. Using such connection-dependent instructions, the protected computer's keyboard could be connected through a chassis of the system 400 according to the present invention.

A flowchart is illustrated in FIG. 5 depicting operation of the system 100 of FIG. 1. Step 20 indicates registration of an authorized user, such registration being stored as biometric reference data at step 22. An input threshold input is supplied at step 21, and is also stored in the biometric reference data storage step 22. If the system is determined to be ready at step 24, data is collected from the biometric authentication device(s) at 26, otherwise the system waits as indicated at 25 and queries again later whether the system is ready. Sufficiency of the amount of data collected at step 26 is queried at step 24, and if the data is insufficient, step 26 is repeated. If the collected data is determined to be sufficient at step 28, then this collected data is compared to the reference data at step 29. Step 30 determines whether the threshold is acceptable; if not, a counter tests whether the step 26 has been repeated a predetermined number of times x (for a delay) by tracking the number of iterations n and comparing the number n to the predetermined number x, so that step 26 is repeated x times. If the threshold is acceptable, the system proceeds as indicated at step 31. Step 32 determines whether system use is required, and if so branches to step 24; otherwise control branches to step 33 which is a wait step for the next access.

FIGS. 6A and 6B show two parts of a single flowchart illustrating steps followed in a relatively complex arrangement. As shown in FIG. 6A, registration of authorized users and storage of their biometric data and credentials take place as indicated at block 40. Also, biometric authentication device thresholds and system protocols are set at block 42. Then at block 41, reference data is stored, and thresholds of the biometric
gram access. The digital storage devices 418-426 could authentication devices are set or checked. After this, 
comprise RAM chips, neural storage chips, or any other upon an external event such as an access attempt indi- 
high capacity digital storage format. A buffer/switcher 45 cated at block 44, is at block 43 the system is determined 
414 is connected to all of the digital storage devices to be not ready, branching is to a wait state which then 
418-426 and to the CPU 410, and is used to select one of loops back to block 43. If the system is determined to be 
the digital storage devices 418-426 under direction of ready at block 43, a biometric authentication device is 
the microprocessor/mini-CPU 410, and supply the data selected at block 45, a determination is made whether a 
to it. 50 prompt is required at step 46, and if a prompt is required 
In the embodiment of the present invention in FIG. 4, then the prompt is executed at step 47. When a response 
the entire unit may be integrated into a compact, porta- is received to the prompt as indicated at block 49, 
ble unit. All elements shown, with the possible excep- branching occurs to block 48. If no prompt is required 
tion of the biometric authentication devices 430-438, at step 46, then new data is collected from the biometric 
would be hard-wired connections, such as electrical or 55 authentication device selected as indicated at block 48. 
fiber optic communication lines, within the unit chassis A decision is made at block 50 whether sufficient data 
(not shown). If the biometric devices 430-438 are out- has been collected and if not, return is made to block 48, 
board, the communication lines TF, TG, TI, TJ, TK otherwise branching occurs to block 51 where the new 
between the biometric devices 430-438 and the inter- data is compared to the reference data, 
face units of the storage devices 418-426 would be 60 Then, at block 52 the comparison test results from 
hard-wired. The communication line TA between the block 51 are stored, then the system protocol is checked 
mini-CPU/mini-computer 410 and its program access/- as indicated at block 53. After this, determination is 
display 416 would also be a hard-wired connection, made whether another biometric authentication device 
such as electrical or fiber optic. The communication test is to be conducted and if so, branching is to block 
line TB between the mini-CPU/mini-computer 410 and 65 45. If no further biometric authentication device test is 
the protected system or device (not shown in FIG. 4) to be conducted, then branching is to block 55 of FIG. 
could also be electrical, fiber optic, or possibly RF 6B for processing of data and test results from all of the 
connections. All other connections (TC, TD, TE1— biometric authentication devices. 






System protocol is checked at block 56 and at step 57 it is determined whether the threshold has been achieved. If not, branching is to block 59 to terminate action, otherwise to block 58 to continue action. If action is terminated, then the audit log is updated as indicated at block 60, rejection is signaled to the user at block 61, and the system awaits another external event as indicated at block 62. If action is continued as indicated at block 58, then the audit log is updated as indicated at block 63, the system protocol is checked as indicated at block 64, and the system determines at step 65 whether continued use is indicated. If continued use is not indicated, branching is to block 62 to await another external event, while if continued use is indicated branching is to block 45 of FIG. 6A.
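The FIG. 6A/6B loop as an added Python example, not code from the patent: each device is tested against its own threshold, an overall rule decides whether access continues, every decision is written to the audit log, and the next test falls at a randomly chosen gap. The similarity metric, the k-of-n overall rule, the bounded retries, the tick clock, and all names and sample values are assumptions of this example.

```python
import random
from dataclasses import dataclass, field


@dataclass
class Device:
    name: str
    reference: list      # stored reference data (block 41)
    threshold: float     # per-device accept threshold (block 42)


def similarity(sample, reference):
    # Assumed metric: 1.0 for identical vectors, falling toward 0 with distance.
    dist = sum(abs(a - b) for a, b in zip(sample, reference)) / len(reference)
    return 1.0 / (1.0 + dist)


@dataclass
class Gate:
    devices: list
    min_passing: int     # assumed overall protocol: at least k devices must pass
    max_retries: int = 3
    audit_log: list = field(default_factory=list)

    def collect(self, dev, read_sensor):
        # Block 50 loops back to block 48 until data is sufficient; this
        # example bounds the retries so a dead or unplugged sensor fails closed.
        for _ in range(self.max_retries):
            sample = read_sensor(dev.name)
            if sample is not None and len(sample) == len(dev.reference):
                return sample
        return None

    def test_round(self, read_sensor, tick):
        results = {}
        for dev in self.devices:                                  # block 45
            sample = self.collect(dev, read_sensor)               # blocks 48, 50
            results[dev.name] = (sample is not None and           # blocks 51, 52
                                 similarity(sample, dev.reference) >= dev.threshold)
        ok = sum(results.values()) >= self.min_passing            # step 57
        self.audit_log.append((tick, "continue" if ok else "terminate", results))
        return ok                                                 # blocks 58 / 59

    def run_session(self, read_sensor, session_ticks, rng=None, max_gap=5):
        """Test at entry, then at randomly chosen gaps; return the tick at
        which access was terminated, or None if the session ran to its end."""
        rng = rng or random.SystemRandom()   # unpredictable schedule by default
        tick = 0
        while tick <= session_ticks:
            if not self.test_round(lambda name: read_sensor(name, tick), tick):
                return tick
            tick += rng.randint(1, max_gap)                       # step 65 -> block 45
        return None


# Constructed sample data: three devices and a second person who takes over
# the controls at tick 10 of an open session.
DEVICES = [
    Device("thumbscan", [0.2, 0.8, 0.5], 0.90),
    Device("voice", [0.6, 0.1, 0.9], 0.80),
    Device("weight", [72.0], 0.40),
]
OWNER = {d.name: d.reference for d in DEVICES}
INTRUDER = {"thumbscan": [0.9, 0.1, 0.3], "voice": [0.2, 0.7, 0.4], "weight": [71.5]}


def takeover(name, tick):
    return (OWNER if tick < 10 else INTRUDER)[name]


if __name__ == "__main__":
    gate = Gate(DEVICES, min_passing=2)
    print("terminated at tick", gate.run_session(takeover, session_ticks=30))
    for entry in gate.audit_log:
        print(entry)
```

With a maximum gap of 5 ticks the takeover is caught no later than tick 14, which makes the gap the bound on how long an unattended session stays usable. The weight sensor alone still accepts the second person, which is why the overall threshold requires more than one device to pass.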

As mentioned previously, the continuous use of the biometric authentication devices for a given configuration could be made more user friendly by incorporating the biometric authentication devices into user interface controls of a protected system or device, and embodiments of such user interface controls are described further hereunder.

An example of the above-mentioned technique involving the continuous use of the biometric authentication devices can be seen from the description of FIG. 1. As discussed in the foregoing, the audio input required for the voiceprint analysis biometric authentication device according to FIG. 1 is gathered through the telephone mouthpiece audio transducer. Hence, the user's voice is sampled periodically, randomly, or even continuously while he or she is conversing.

In another configuration of the system according to the present invention for protecting another device or system, word recognition may be employed during the normal use of the protected system. Voice commands that are normally employed during the use of a protected system may be part of a reference list, and the system according to the present invention can then voice-analyze these word commands each time they are spoken. Or, the system according to the present invention may voice-analyze a user's spoken reply to a visual or audio prompt or question.

This principle (that the biometric authentication device used is passive, i.e. not requiring affirmative action by the user) may be applied to a number of biometric authentication devices.

As indicated in FIG. 7, in another embodiment of a biometric authentication device, a thumbscan sensor 502 is incorporated into a handle 501 of a joystick 500. The thumbscan sensor 502 is positioned beneath the normal thumb position on the joystick 500. The connecting leads of the sensor 502 are fed through the joystick 500 and back to a thumbscan processing unit (not shown). In FIG. 7, a sensor lead PB and a normal joystick function lead PC are shown extending away from the joystick 500 to their respective inputs.

Suitable thumbscan units are available commercially. These include Thumbscan, Inc.'s Access Key Unit and both the Mint 11 and Minte 21 by Fingermatrix, Inc. The same principle may be applied to fingerprints for other hand-oriented controls, or toeprints for certain pedal-type controls. In the device of FIG. 7, a metal or plastic hood may be added to the top of the joystick 500 to ensure continuously snug thumb contact during use.

In FIG. 8A, a computer mouse 540 is depicted having a thumbscan unit sensor 542 incorporated into it in a similar manner to that of the joystick 500 of FIG. 7. The thumbscan unit sensor 542 may be oriented relative to a mouse casing 541, adapting it for either right-handed persons or left-handed persons, or both. A mouse lead PE is modified, or replaced, to carry both the mouse data and the sensor data.

Shown in FIG. 8B is a computer mouse 520 carrying 
a hand geometry reader 522 in a mouse casing 521. The 
hand geometry reader or scanner 522 is wired through 
the mouse 520 and its lead runs back to the rest of the 
scanning unit along the same conduit PG as that of the 
mouse 520. 

In FIG. 9, a common lever-type control 560 is modi- 
fied for biometric authentication by provision of a sen- 
sor portion 563 supported between lever arms 561 and 
562. A support bar 564 stabilizes the lever arms 563 and 
562. The sensor portion 561 can be adapted to sense 
hand geometry or hand pressure characteristics, or 
perform a palmscan, thumbscan, or fingerprint scan. 
Again, the sensing device 563 is incorporated into the 
control device 560 itself, in this case as a bar or plate 563 
grasped by the user's hand. A data-carrying lead PI of 
the control 560 communicates with a control apparatus 
(not shown in FIG. 9). 

Other biometric authentication devices can also be 
incorporated. For example, a digital photo lens may be 
concealed in a control panel, an electronic weighing 
device may be concealed in a stool or chair before a 
control console, and a typing pattern pickup may be 
installed in a computer's keypad. Use of such devices is 
considered as being within the scope of the present 
invention. 

FIG. 10 depicts a typical video-oriented gaming ter- 
minal 600 modified to incorporate the system according 
to the present invention. A lens ZA used for digital 
photo comparison input is mounted in a cabinet 620 
such that the user is in constant view. This particular 
biometric authentication device is entirely passive and 
requires no special activity by the user. A microphone 
ZB is panel mounted, and is also a biometric authentica- 
tion device. This microphone could for example be used 
in the process of a game or other interactive operation 
with the gaming terminal 600, to enable the user to 
respond to visual and/or audio prompts by the game, or 
to enter commands for the game. 

In the system of FIG. 10, the audio data provided by 
the voice of the user can also be used according to the 
present invention as a biometric authentication device 
for enabling voice analysis to be performed as a way of 
authenticating the user. In this fashion, the user does not 
know which voice responses and commands are tested, 
or how often, or when. Depending on the security re- 
quired, the system may or may not prompt the user in a 
vein unrelated to the game. A joystick ZC is shown 
with a thumbscan sensor built into it, and with this 
device a thumbscan could be taken of the user's thumb 
as desired during the course of the game, and the user 
would not know when such scans are taken, or how 
often. This is a completely passive biometric test which 
would not interfere with normal gaming activity. A 
weight sensor ZD is built into the player's chair or stool 
610, and has a lead which runs back to the gaming unit 
and the system according to the present invention sys- 
tem. This, too, is a completely passive biometric test, 
requiring no user activity not game related. 

FIG. 11 depicts a typical computer station 650 protected by the system according to the present invention. A lens ZE for a digital photo comparison input is mounted to a monitor 660 so that the user is always in view. Again, this is a form of a biometric authentication device according to the invention which is passive and which requires no user activity unrelated to normal computer use. A microphone ZF is also provided for receiving voice commands and replies, and also serves as an input source for the voice analysis biometric authentication device of the system according to the present invention. Suitable voice analysis devices are commercially available. They include the VoiceKey or VoicePak by ECCO Industries, Inc.; the MicroIntroVoice, IntroVoice V, IntroVoice VI, PTVC series and HAL series, all by Voice Connexion, among others.

In the system of FIG. 11, a wrist circumference sensor ZC can also be connected for use as a biometric authentication device. This biometric authentication device is completely passive—it need only be attached at the beginning of use and left on for the duration of use. A weight sensor ZH in a chair 670 is also a passive device which is non-interfering with the user. A thumbscanning or hand geometry-reading mouse ZI is part of the system 650 of FIG. 11 and is also a passive device. The user need only employ the mouse ZI in a usual fashion, and the user will not know when or how often biometric tests are performed. Also shown is a station keypad ZJ which is fitted with a sensing device which determines the user's typing pattern for biometric analysis and comparison. Such a biometric test is also passive, and could be employed repeatedly and unpredictably during station use.

Whatever the method, the objective of such incorporation is to lessen distraction caused by any of the biometric authentication devices. In this way, the system according to the present invention improves the security of a protected system or device while maintaining a low profile, with a minimum of diversion from, or interference with, the protected system or device.

Actual configurations and embodiments of the system according to the present invention can vary widely according to application, security needs, and progress in applicable technology. It is therefore contemplated as being within the scope of the present invention to include all systems and configurations by which biometric and other data are continuously and/or intermittently taken and compared to a body of similar reference data for the purpose of authentication, such authentication being a prerequisite for access to, and continued use of, a protected system or device.

Although a preferred embodiment of the invention has been shown and described, it will be readily apparent to those skilled in the art that various modifications may be made therein without departing from the spirit of the invention or from the scope of the appended claims.

What is claimed is: 

1. A system for controlling access to a protected system or device at intermittent intervals during use by an individual, comprising:
a biometric authentication device for detecting biometric data of the individual, said biometric authentication device producing biometric output data; and
computing means receiving said biometric output data of said biometric authentication device and comparing said biometric output data with stored biometric data representing an individual authorized to use the protected system, for selectively enabling or disabling access to the protected system or device; said computing means including an intermittent initiating means for initiating collection of data from said biometric authentication device at intermittent intervals during use of the protected system or device by said individual.

2. A system for controlling access as claimed in claim 
1, wherein said computing means comprises a CPU and 
a digital storage means containing said stored biometric 
data. 

3. A system for controlling access as claimed in claim 
1, wherein said computing means comprises a digital 
storage means for controlling said stored biometric 
data, a CPU, a program storage containing a program 
for said CPU, and a compare logic circuit for compar- 
ing the output of said biometric authentication device 
with a predetermined threshold value. 

4. A system for controlling access as claimed in claim 
1, wherein said computing means comprises a digital 
storage means for containing said stored biometric data 
and a CPU. 

5. A system for controlling access as claimed in claim 
4, wherein said computing means further comprises a 
function select circuit for selectively causing initiation 
of collection of data from said biometric authentication 
device, in order to permit the individual to begin use of 
the system or device. 

6. A system for controlling access to a protected 
system or device at intermittent intervals during use by 
an individual, comprising: 

a plurality of biometric authentication devices for 
detecting biometric data of the individual, said 
biometric authentication devices each producing 
biometric output data; and 

computing means receiving said biometric output 
data of each of said biometric authentication de- 
vices and comparing said biometric output data 
with stored biometric data corresponding to that 
collected by said biometric authentication devices, 
said stored biometric data representing an individ- 
ual authorized to use the protected system, for 
selectively enabling or disabling access to the pro- 
tected system or device; said computing means 
including an intermittent initiating means for initi- 
ating collection of data from each of said plurality 
of biometric authentication devices at intermittent 
intervals during use of the protected system or 
device by said individual. 

7. A system for controlling access as claimed in claim 
6, wherein said computing means comprises a CPU and 
a digital storage means containing said stored biometric 
data. 

8. A system for controlling access as claimed in claim 
6, wherein said computing means comprises a digital 
storage means for containing said stored biometric data, 
a CPU, a program storage containing a program for said 
CPU, and a compare logic circuit for comparing the 
output of each of said biometric authentication devices 
with corresponding predetermined threshold values. 

9. A system for controlling access as claimed in claim 
6, wherein said computing means comprises a digital 
storage means for containing said stored biometric data 
and a CPU. 

10. A system for controlling access as claimed in claim 9, wherein said computing means further comprises a function select circuit for selectively causing initiation of collection of data from said biometric authentication device, in order to permit the individual to begin use of the system or device.






11. A method for controlling access to a protected system or device at intermittent intervals during use by an individual, comprising the steps of:

providing storage means for storing biometric data relating to an individual;

measuring biometric data relating to the individual and storing the measured biometric data in said storage means;

providing a plurality of biometric authentication devices for detecting biometric data of the individual;

using each of said biometric authentication devices to produce biometric output data;

providing a computing means for receiving said biometric output data of each of said biometric authentication devices, said computing means including an intermittent initiating means for initiating collection of data from each of said plurality of biometric authentication devices at intermittent intervals during use of the protected system or device by said individual;

using said computing means to compare said biometric output data with the biometric data stored in said storage means, for selectively enabling or disabling access to the protected system or device by the individual.

12. A method for controlling access as claimed in 
claim 11, wherein said computing means comprises a 
CPU. 

13. A method for controlling access as claimed in claim 11, wherein said computing means comprises a CPU, a program storage containing a program for said CPU, and a compare logic circuit for comparing the output of each said biometric authentication device with the stored biometric data.

14. A method for controlling access as claimed in 
claim 11, wherein said computing means comprises a 
CPU. 

15. A method for controlling access to a protected system or device at intermittent intervals during normal use by an individual comprising the steps of:

providing storage means for storing biometric data relating to an individual;

measuring biometric data relating to the individual and storing the measured biometric data in said storage means;

providing a plurality of biometric authentication devices for detecting biometric data of the individual;

using each of said biometric authentication devices to produce biometric output data;

providing a computing means for receiving said biometric output data of each of said biometric authentication devices;

providing a user manipulatable interface means for communicating with said computing means, wherein said user manipulatable interface means comprises a manipulatable device which is connected with said biometric authentication device so that biometric output data is supplied by said user manipulatable interface means during normal use of said user manipulatable interface means by the individual; and

using said computing means to compare said biometric output data with the biometric data stored in said storage means, for selectively enabling or disabling access to the protected system or device by the individual.

16. A method for controlling access as claimed in 
claim 15, wherein said user manipulatable interface 
means comprises a mouse device. 

17. A method for controlling access as claimed in 
claim 16, wherein said biometric authentication device 
comprises a fingerprint reader mounted in said mouse 
device. 

18. A method for controlling access as claimed in 
claim 15, wherein said user manipulatable interface 
means comprises a joystick device. 

19. A method for controlling access as claimed in 
claim 18, wherein said biometric authentication device 
comprises a fingerprint reader mounted in said joystick 
device. 

20. A system for controlling access as claimed in 
claim 6, further comprising at least one user manipulat- 
able interface means for communicating with said com- 
puting means, wherein said at least one user manipulat- 
able interface means comprises a manipulatable device 
integrated with one of said plurality of biometric au- 
thentication devices. 

21. A system for controlling access as claimed in 
claim 1, wherein said intermittent intervals are periodic, 
equal intervals. 

22. A system for controlling access as claimed in 
claim 1, wherein said intermittent intervals are non- 
equal intervals. 

23. A system for controlling access as claimed in claim 1, wherein said intermittent intervals are randomly selected intervals.

24. A system for controlling access to a protected 
system or device during normal use by an individual, 
comprising: 

a biometric authentication device for detecting bio- 
metric data of the individual, said biometric au- 
thentication device producing biometric output 
data; 

computing means receiving said biometric output 
data of said biometric authentication device and 
comparing said biometric output data with said 
stored biometric data representing an individual 
authorized to use the protected system or device, 
for selectively enabling or disabling access to the 
protected system or device during normal use of 
the protected system or device by the individual; 
said computing means including an initiating means 
for initiating collection of data from said biometric 
authentication device during normal use of the 
protected system or device by said individual; and 

a user manipulatable interface means for communi- 
cating with said computing means, wherein said 
user manipulatable interface means comprises a 
manipulatable device integrated with said biomet- 
ric authentication device. 